The abstract reads: The move to the cloud brings a number of new security challenges, but the application remains your last line of defense. Engineers are extremely well poised to perform tasks critical for securing the application—provided that certain key obstacles are overcome.
The paper explores three ways to help development bear the burden of security that the cloud places on them:
- Use penetration testing results to help engineers determine how to effectively “harden” the most vulnerable parts of the application.
- Apply the emerging practice of “service virtualization” to provide engineers the test environment access needed to exercise realistic security scenarios from the development environment.
- Implement policy-driven development to help engineers understand and satisfy management’s security expectations.
It’s an in-depth article with some practical suggestions for improving your code security in the cloud. If you’re not familiar with Crosstalk, it’s “The Journal of Defense Software Engineering”; it is full of interesting articles and carries no advertising. Give it a try.